ICO issues £175k penalty against Devon NHS Trust

The Information Commissioner's Office (ICO) has imposed a monetary
penalty of £175,000 on an NHS Trust in Torquay after the sensitive details of over 1,000
employees were published accidentally on the Trust’s website.

Staff at Torbay Care Trust published the information in a spreadsheet on their website in April
2011 and only spotted the mistake when it was reported by a member of the public 19 weeks
later.

The data covered the equality and diversity responses of 1,373 staff and included individuals’
names, dates of birth and national insurance numbers, along with sensitive information about the
person’s religion and sexuality.

The ICO’s investigation found that the Trust had no guidance for staff on what information
should not be published online and had inadequate checks in place to identify potential
problems.

“The fact that this breach was caused by Torbay Care Trust publishing sensitive information
about their staff is extremely troubling and was entirely avoidable," said Stephen Eckersley, head
of enforcement at the ICO.

However, the trust disputes the ICO's findings, especially that it was negligent, and is
preparing to appeal to the Information Tribunal in one of the first challenges by a public sector
organisation against a penalty issued by the ICO.

Email Alerts

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Google is the latest of the tech giants hiring Wall Street hotshots. The CIO lesson? Partner with your CFO if you want to get ahead. Also in Searchlight: Facebook turns Messenger into an ecosystem; Twitter faces a gender bias lawsuit.